CVE-2016-7461

HIGH

VMware Fusion and Fusion Pro - Arbitrary Code Execution via Drag-and-Drop Function

Title source: llm
STIX 2.1

Description

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94280
Mitigation, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037282

Scores

CVSS v3 8.8
EPSS 0.0012
EPSS Percentile 30.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (26)
vmware/fusion 8.0.0
vmware/fusion 8.0.1
vmware/fusion 8.0.2
vmware/fusion 8.1.0
vmware/fusion 8.1.1
vmware/fusion 8.5.0
vmware/fusion 8.5.1
vmware/fusion_pro 8.0.0
vmware/fusion_pro 8.0.1
vmware/fusion_pro 8.0.2
... and 16 more
Published Dec 29, 2016
Tracked Since Feb 18, 2026